Post navigation

A judge in a Scottish court has just taken a privacy ruling from cyberspace and applied it to the real world as he fined a couple for videoing their neighbours through a webcam ostensibly set to monitor his back garden.

The same judgment arguably also transfers the obligations of a corporation to the individual, classifying the man doing the filming as a data controller.

The case was brought against Edinburgh’s Nahid Akram, who with her husband Sohail installed a set of cameras after applying to change the use of their house to a bail hostel. The application had been opposed by neighbours Debbie and Tony Woolley and according to press reports, relations between the families soured after that point.

The sheriff in the court agreed in the judgment that the Akrams – specifically Nahid, named in the case – had deliberately trained their cameras and microphones on the Woolleys’ home, compromising their privacy. They felt unable to go out and converse in their own back garden and their daughter felt unable to sunbathe because it would be filmed and the footage retained for up to five days.

The judge ruled against the Akrams, awarding £17,000 compensation to the Woolleys, in a move that is noteworthy on a number of grounds.

First, the judgment refers back to a case brought against Google for continuing to track Safari users when they had logged out of Google.

Second, reassuringly, it establishes absolutely that there is more to privacy than the financial implications; outside the legal costs, the Woolleys technically didn’t pay anything for this.

Third, and this is a key point, the Akrams claimed they weren’t actually keeping the recordings because the system kept it for five days only by default. This was comprehensively thrown out, so you could assume the “couldn’t be bothered with the settings” defence is from this point onward a non-starter.

Finally, as well as transferring the implications of the Google ruling into the “real” world, if that’s genuinely a distinction, we note it takes the effect from the corporate world and into the domestic arena.

Akram in effect became fully liable as a data controller and needed to implement all the due diligence that would have been needed in the corporate world once she’d done so.

Although this is a Scottish-only judgment for the moment, it should send clear messages out to everyone using a recording device of some sort and assuming they’re probably covered because they’re such small fry.

Some very good points so what of situations where individuals are taking photos or video footage say with a camera or their phone at an outside event such as at the zoo or at a concert, ultimately the phone/camera owners are data controllers the second they capture others in their photos intended or not, how on earth do you police that?

I would imagine this would come under public so any pictures/videos taken in public are allowed and wouldn’t be seen by the court in the same view.
Same with cameras on the front of your property. The front is classed as public view so as long as your cameras aren’t focused or pointing into someone house then the decision from the courts would have been different again.

I think the point here is that Ms Akram registered under UK law as the official Data Controller that companies need to appoint if they want to collect and use data of any sort, including CCTV. This isn’t like just being an individual with a mobile phone – it’s a formal responsibility that is meant to give you rights in return for accepting additional responsibilities, much like what happens when you register as a company director, or signing your driving licence. The court seems to have formed the opinion that Akram took all the rights but met none of the concomitant responsibilities, not even bothering to respond officially when required to do so.